PT-2023-5281 · Unknown · Juplink Rx4-1500

Exodus Intelligence · Published 2023-07-30 · Updated 2023-09-22 · CVE-2023-41030

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Juplink RX4-1500 versions V1.0.2 through V1.0.5

Description: The issue is the use of hard-coded credentials in the software of the Juplink RX4-1500 Wi-Fi router. It allows unauthenticated attackers to log in to the web interface or the telnet service as the user "user", potentially leading to privilege escalation. The vulnerability can be exploited remotely.

Recommendations: For Juplink RX4-1500 versions V1.0.2 through V1.0.5, consider changing the default credentials to custom, secure ones to prevent unauthorized access. As a temporary workaround, restrict access to the web interface and telnet service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2023-05904
CVE-2023-41030

Affected Products

Juplink Rx4-1500